87 users online (0 members and 87 guests)  

  Results 1 to 2 of 2


  1. Replies: 0
  2. Replies: 0
  3. mikerowesoft.com - The public view    Forum: One Stop Domains Forum
    Replies: 3
  1. #1
    khcm8jw's Avatar
    New User

    Join Date
    Nov 2005

    Lightbulb secure login to website using public key cryptography

    I'm learning about CGI and Perl at the moment and I have some ideas which I'm not sure are good or not.
    I have a simple mysql database, which will hold user, products and order information.
    I am using CGI/Perl to access that database and very simple html forms as the front end.
    I really want to make a secure site, the first problem that I have thought about is the initial authorisation of a user.
    my idea is in the database I will have a table that holds the username and an encrypted copy of their password xor'd with a constant SALT value (also stored in the table).
    When a user goes to log on I want to send them a Random SALT value. The client will then xor the SALT with the password and encrypt it with my sites public key and send it back.
    The server will take this information and decrypt it using the private key and xor it with the random SALT to get the password, it will also decrypt the password stored in the user table and xor it with the constant SALT to get the password. The passwords are then compared and if they match I will kick off the next process or allocating session variables etc.
    Now, because I am new to this my questions are:
    A) Is this a totally complex and stupid idea?
    B) Does PERL already have libraries that do this?
    many thanks

  2. #2
    vinyl-junkie's Avatar

    Join Date
    Sep 2005

    Re: secure login to website using public key cryptography

    I don't know whether there are code libraries available, but a little Googling yielded a pretty good resource for authentication scripts here. Hope this helps.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more

Tags for this Thread